DosBox and Viruses
Welcome, Guest.
“Theory and practice sometimes clash. And when that happens, theory loses. Every single time.” ― Linus Torvalds

Author Topic: DosBox and Viruses  (Read 298 times)

Offline gregorylock

  • Contributor
  • *******
  • Posts: 845
DosBox and Viruses
« on: April 24, 2020, 05:37:32 PM »
When I was writing this post, I didn't realize that it was the same zip file containing the same virus over and over again.

I've been testing out DosBox.  I've been downloading some free games from https://www.dosgamesarchive.com/  Then I uploaded the files to https://www.virustotal.com/gui/home  Some of them show infections, and some doen't.  I did some research and noticed that other people have asked about this too.  The general question is, if the programs are contained into the Dosbox directory, and only accessed by Dosbox, can those viruses get out and infect your main system.  I don't think these viruses would do anything on a Linux System.  However even if I had an antivirus on my system, it wouldn't remove the viruses, because only 1 anti-virus on virustotal finds the viruses.  I tried to look for a download of the program and couldn't find anyway to download it and try.

dosgamesarchive.com have been recommended by some youtubers.  They have some in the free section, and then there are some that you can buy.  I went with the full version stuff.  I might have clicked on free too.  I don't remember.  It's been several weeks since I did this.

You can get and test these games listed here:
https://www.dosgamesarchive.com/filetype/full-version/

Games Infected
Code: [Select]
├── Alien Carnage
│   └── Infected:  apogicon.zip Jiangmin TrojanDropper.DOS.a
├── Arctic Adventure
│   └── Infected:  apogicon.zip  Jiangmin TrojanDropper.DOS.a
├── Bio Menace
│   └── Infected:  apogicon.zip  Jiangmin  TrojanDropper.DOS.a
├── Major Stryker
│   └── Infected:  apogicon.zip  Jiangmin  TrojanDropper.DOS.a
│   └── Pharaoh's Tomb
│       └── Infected:  apogicon.zip  Jiangmin  TrojanDropper.DOS.a

Full or Free Games that Checked out as Ok
Code: [Select]
├── AstroFire
├── babyold
├── BACKLASH A Turret Gunner Simulation
├── Beneath a Steel Sky
├── Beyond the Titanic
├── Chex Quest
├── City Beneath the Surface
├── Clyde's Revenge
├── Cyber Marine
├── Cylindrix
├── Dark Ages
├── Donald Duck's Playground
├── Dreamweb
├── Ducks
├── Electro Man
├── General Budda's Labyrinth
├── Get Lost!
├── God of Thunder
├── HACX
├── Hamsters
├── Heartlight
├── Heros I The Sanguine Seven
├── Hoosier City
├── Inner Worlds
├── Ken's Labyrinth
├── Kiloblaster
├── Kingdom of Kroz II
├── Legend of the Silver Talisman
├── LineWars II
├── Lure of the Temptress
├── Mickey's Space Adventure
├── Mission Cobra 98
├── Monuments of Mars
├── One Must Fall 2097
├── Operation Carnage
├── PaybackTime 2
├── Plague!!!
├── Psion Chess
├── Ragnarok
├── Revenge of the Mutant Camels
├── Robbo
├── Sango Fighter
├── Sango Fighter 2
├── SkyRoads
├── SkyRoads Xmas Special
├── Squarez Deluxe
├── Stargunner
├── Super Fighter
├── Supernova
├── Teenagent
├── TerraFire
├── The Adventures of Maddog Williams
├── The Black Cauldron
├── The Dungeons of Grimlor
├── The Dungeons of Grimlor II
├── The Elder Scrolls Arena
├── The Elder Scrolls Daggerfall
├── Thor's Hammer
├── Tricky Quiky Games
├── Triplane Turmoil
├── Trivia Whiz
├── Troll's Tale
├── Winnie the Pooh in the Hundred Acre Wood
├── Xargon
├── Xenophage Alien BloodSport
└── ZZT

I have Eset Rescue CD and Kaspersky Rescue CD.  Neither one found any viruses. 

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 5603
  • Cup of Linux Founder
    • Cup of Linux
Re: DosBox and Viruses
« Reply #1 on: April 25, 2020, 01:18:49 PM »
The only way those viruses would infect your MAIN or ROOT system is if you give the malware your root password. They can however cause havoc on your user account. Since most viruses are written for Windows based systems, odds are pretty good that it will sit there and do nothing. If they are written to sniff out a Linux filesystem... REPORT IT!
Windows assumes the user is an idiot... Linux DEMANDS Proof!

Offline gregorylock

  • Contributor
  • *******
  • Posts: 845
Re: DosBox and Viruses
« Reply #2 on: April 25, 2020, 03:05:48 PM »
The only way those viruses would infect your MAIN or ROOT system is if you give the malware your root password. They can however cause havoc on your user account. Since most viruses are written for Windows based systems, odds are pretty good that it will sit there and do nothing. If they are written to sniff out a Linux filesystem... REPORT IT!

When It comes to Viruses I wish I had the knowledge of Quidsup.  They sound like they are only meant for Dos.  "TrojanDropper.DOS.a"

Here is a google search: "TrojanDropper.DOS.a"

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 5603
  • Cup of Linux Founder
    • Cup of Linux
Re: DosBox and Viruses
« Reply #3 on: April 25, 2020, 05:48:06 PM »
The little red devil on my shoulder says... "Run dosbox in a VM which does not have access to your main hard drive nor internet access of any kind and hammer away... Always good to be in a walled in sandbox when toying with IFFY software.... Muah ha ha ha ha ha"

The angel on my other shoulder says "PRAY for world peace + the end of covid19 and use reliable FOSS software."
Windows assumes the user is an idiot... Linux DEMANDS Proof!

Offline gregorylock

  • Contributor
  • *******
  • Posts: 845
Re: DosBox and Viruses
« Reply #4 on: April 25, 2020, 06:23:01 PM »
The little red devil on my shoulder says... "Run dosbox in a VM which does not have access to your main hard drive nor internet access of any kind and hammer away... Always good to be in a walled in sandbox when toying with IFFY software.... Muah ha ha ha ha ha"

The angel on my other shoulder says "PRAY for world peace + the end of covid19 and use reliable FOSS software."

It looks to me like I could just delete the zip files that have the virus.  They are all the same file.  apogicon.zip  I might fire up my old windows 7 and try running some of the anti-virus software over it just to see what happens.  Either way I don't think I need that file.

Offline Ironclaw

  • Terminal Multiplexer
  • Staff Member
  • ********
  • Posts: 369
Re: DosBox and Viruses
« Reply #5 on: April 26, 2020, 10:56:55 PM »
Dosbox only has access to filesystems that you specifically hand to it, usually through the autoexec section of the config file.  That would have to be one hell of a virus to be able to access linux-type filesystems and still be small enough to fit into 640k without being noticed.
If you must persist, I will be forced to tar you, then gzip you and finally umount you.

Offline gregorylock

  • Contributor
  • *******
  • Posts: 845
Re: DosBox and Viruses
« Reply #6 on: April 27, 2020, 04:06:45 PM »
Dosbox only has access to filesystems that you specifically hand to it, usually through the autoexec section of the config file.  That would have to be one hell of a virus to be able to access linux-type filesystems and still be small enough to fit into 640k without being noticed.

As far as I know Dosbox only has access to my ~/DOS directory.

I just didn't want to take any chances.  I used the linux command shred -uv on every instance I had of that apogicon.zip file.  Then individually rescanned all the games in virustotal.com.  They all seem to checkout as not infected. 
Code: [Select]
shred -uv apogicon.zip

Offline Ironclaw

  • Terminal Multiplexer
  • Staff Member
  • ********
  • Posts: 369
Re: DosBox and Viruses
« Reply #7 on: April 28, 2020, 12:41:19 AM »
Theoretically you could break out of that with a symlink, but you'd have to do that on purpose.
If you must persist, I will be forced to tar you, then gzip you and finally umount you.